| ▲ | bsza 5 hours ago | ||||||||||||||||
What counts as "large"? I'm pretty sure at some point in my life I'd opened the entirety of Moby Dick in Notepad. Unless you want to look for text in a binary file (which Notepad definitely isn't for) I doubt you'll run into that problem too often. Also, I hope the irony of you citing Notepad++ [1] as what Notepad should aim to be isn't lost on you. My point being, these kinds of vulnerabilities shouldn't exist in a fucking text editor. [1] https://notepad-plus-plus.org/news/hijacked-incident-info-up... | |||||||||||||||||
| ▲ | breppp 3 hours ago | parent | next [-] | ||||||||||||||||
I know about the vulnerabilities in notepad++, however I was referring to the feature set. Regarding large, I am referring to log files for example. I think the issue was lack of use of memory mapped files, which meant the entire file was loaded to RAM always, often giving the frozen window experience | |||||||||||||||||
| ▲ | vel0city 4 hours ago | parent | prev [-] | ||||||||||||||||
> What counts as "large"? Remote into a machine that you're not allowed to copy data out of. You only have the utilities baked into Windows and whatever the validated CI/CD process put there. You need to open a log file that has ballooned to at least several hundred megabytes, maybe more. Moby Dick is about 1MB of text. That's really not much compared to a lot of log files on pretty hot servers. I do agree though, if we're going to be complaining about how a text editor could have security issues and pointing to Notepad++ as an example otherwise, its had its own share of notable vulnerabilities even before this update hijacking. CVE-2017-8803 had a code execution vulnerability on just opening a malicious file, this at least requires you to click the rendered link in a markdown file. | |||||||||||||||||
| |||||||||||||||||